Table of Contents
Hello, myself Indranil. I am an IT employee more particularly an Ethical Hacker. I also provide training in various IT domains. I love playing with codes and with systems. I travel through Shuttle cars and public buses.
The trending and interesting thing, which I have found while traveling is a smart band or a smartwatch on everyone’s wrist. I found a keen interest in that. No, not to feel trendy of course!
But I also intended to buy and wear one. Can you guess why? To hack it and to play with it! After all, I am an Ethical Hacker…
Thus, the idea got into my head and it started weaving its plan to implement it! Being a trainer gave me an upper hand here. I shared my idea with one of my students, Sampat Banerjee, who is an Ethical Hacking enthusiast and has a deep interest in different aspects of hacking.
Being an enthusiast, he couldn’t control his emotions when I ask him “Are you interested to work on hacking the Smartwatches and band?”, and shouted out loud “YES SIR”.
And we both got started on the project. The implementation started in real life.
We will look into the technical part of this project with some visuals from the successfully implemented project. Here in this blog, we will discuss hacking MiBand3. Let’s get started then…
MiBand is a smart Band which hhasa touchscreen display, heart rate monitor, charging Port ,and a button. A charging cable is also available to charge it. The User has to install the MiFit app on their mobile. QR Scanner is given to the user to make a connection between the user’s mobile and the band. This connection is also known as a pairing that is nothing but through Bluetooth.
After the pairing is established then the notifications like incoming calls, date time, heart rate this data will be displayed on the Smart Band and all data will be transferred to the smart band through Bluetooth only. The fun stuff is here.
While I have gone through this whole process, then I have found that if I can transfer my data on the smart band then it will a real fun. Now here the data transfer takes place through Bluetooth protocol.
I had little knowledge of this protocol, but with a great interest in executing the idea, I started learning Bluetooth how it works and throughout. Then After a week I was confident enough that yeah let’s start, now how from which point, we will go to that part but first thing first. Let’s understand a few aspects of Bluetooth and its types.
Bluetooth is a type of radio that operates at high power over short distances. It transmits information in a similar way you receive sound to your radio or information over wifi. In binary (1s & 0s) format the data is transferred & in radio waves form it travel through space like light. The device receiving the Bluetooth signal has an antenna built-in where these radio waves got hit, then because of this hit the electrical current got generated and which the device will read as the original binary information.
Bluetooth has two major classes, Bluetooth Classic and Bluetooth Low Energy (BLE).
Out of all these the only thing that was essential was the ATT protocol.
To bypass the authentication of miband3, we had to check the log files for the ATT protocol request that go the handle that represents Anhui Huami Information Technology Co, it’s a Company that makes Smart wearable devices and that it owns the Xiaomi brand.
The authentication bypass steps are: –
At first, we tried to show a notification popup on the Mi-band but it wasn’t working as we didn’t know which handle or UUID was for notification. We started to use the trial-and-error method but we were constantly failing, and then we realized that we needed to authenticate our device. We were also failing to understand why the random authentication key is not working properly, after lots of attempts we figured out that we need to encrypt the random authentication key with a 16 bytes key using the AES/ECB/NoPadding encryption algorithm.
We also had to try with numerous amounts of unknown hexes and figure them out via multiple trials and error methods. All the efforts to successfully find out the byte value will be supported by the miband3 alert & call notification.
“I think the Software Testing Course is apt for me. Webskitters Academy has offered me the best experience for online training. Every learner can learn more about several concepts. The assignments to write Test cases and Test case Scenarios equipped me to learn to work on real-time projects. I got a job at a reputed firm with the help of the placement cell of this institute. I am extremely happy.”
“After the Software Testing course at Webskitters Academy, I now have the confidence to face testing interviews. I trusted the institute and here they gave me the best of the best. The assignments are great and they helped me to think out of the box and come up with new questions. I am extremely happy and satisfied and also got a job through this institute.”
Kolkata,India
“I am 100% content with the Software Testing course at Webskitters Academy. The professionals explain every question and doubt that aroused in my mind. The entire course is explained the thorough and step-by-step process. It is very professional but the learning method and environment are very friendly.”
Kolkata,India
“I am glad that I took the decision of joining Advanced PHP and MVC (Laravel) online course at Webskitters Academy. I joined the course during the lockdown, to learn programming. However, it is turned out to be more than just a course. It became my passion. The tutors were so good and encouraging. I even got a good placement during the pandemic, just a few days after the completion of the course.”
Kolkata,India
“Learnt PHP Laravel under Swarup Kumar Saha Sir. He is very helpful and excellent trainer. I am done this course online. The training was good I improved my coding skill and also improved my communication skills.”
Kolkata,India
“Learnt PHP With Laravel under Swarup Kumar Saha Sir. He is an excellent trainer. The training was good I improved my coding skills as well as communication skills.”
“I did training on Android App Development using Core Java from here. I guess, I couldn’t have find a better faculty than Swarup Sir. The thing I liked the most is that he is very friendly and always eager to help us on any terms. Apart from teaching us Android in a very great way, he helped us in personality development too, as he always motivated us in a good way. So, I guess these training days were not only for learning but also for finding our own skills and mastering them. Thanks to Webskitters for providing us this opportunity. I would like to learn more from here.”
Kolkata,India
“I had a fantastic experience with this academy. I trained by professionals. I learned Android App Development using Core Java properly and got a job very early in a reputed software company through this academy. Many many thanks to Amit sir, Riyanka ma’am and Debjit sir.”
Kolkata,India
“I have done Android App Development using Core Java training from this academy for one month. They cover most of topic in one month. Trainer (educator) was very supportive and polite.”
Kolkata,India
“Right after completing my Android App Development with KotlinCourse at Webskitters Academy, I landed a job in a reputed firm. This was an incredible experience for me as before that I was looking for a job for almost a year but failed to get any. Thanks to the professional training I took from the experts that helped me start my career instantly.”
Kolkata,India
We are glad to have hired the students from Webskitters Academy! We have to mention that they are trained to be the professionals. From the first day onwards, they have shown their excellence, and it is very impressive. Our team is also happy with their involvement and performance. Looking forward to hire more excellent students from them!
We are happy with the quality of training that the Webskitters Academy students have received. Few of them have been on-board with us recently and they have impressed us. We would recommend our associates to hire freshers from this institute, they make sure that the students are well-trained and prepared for the industry.
We hired the students from Webskitters Academy and to our surprise we found out that they are brilliant in their work! No way we can call them students, they are professionals. They know their work, have the skills and are well-groomed for the profession. Thanks, Webskitters Academy for such a comprehensive training!
“It was for the first time that we hired students from Websitters Academy. We had some doubts regarding freshers, but to our surprise, they are very good in their work. They know exactly how to do a particular job keeping the industry standards in mind. Our organization is happy to have them. Their codes, and development skills are perfect, suitable for the industry. It proves that they have been trained comprehensively. Good work by the faculties of Webskitters Academy. We will definitely recruit more young talents from you.”